1 



CLAIMS 



2 What is claimed is: 



3 LA method comprising key distribution in a conditional access system, wherein a set of 

4 all user nodes which the system can accommodate is a complete set, and a subset is 

5 composed of all or part of the user nodes, said key distribution comprising the steps of: 



6 decomposing said subset into at least one secondary subset; 

7 assigning a different user key to each secondary subset, each said user key 

8 being transmitted to all users in a corresponding secondary subset; 

9 encrypting an entitlement key by using each said user key so as to generate a 

1 0 cipher text corresponding to each said secondary subset; and 

1 1 combining said cipher text to generate a media key control block. 



12 2. A method according to claim 1, further comprising the step of transmitting said media 

1 3 key control block to all users in said subset. 

14 3. A method according to claim 1 , wherein a video program is encrypted using said 

15 entitlement key. 

16 4. A method according to claim 1, wherein a control word is encrypted using said 

17 entitlement key, and a video program is encrypted using said control word. 

18 5. A method according to claim 3, wherein the users of each said secondary subset 

1 9 identifies said cipher text of the secondary subset to which a user belongs from said 
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1 media key control block, and decrypts said cipher text by using the user key of said user 

2 so as to obtain said entitlement key. 

3 6. A method according to claim 1 , wherein said media key control block can be 

4 transmitted uni-directionally on a broadcast channel. 

5 7. A method according to claim 1 , wherein said decomposed secondary subset can be 

6 maintained unchanged after the setup of said system. 

7 8. A method according to claim 1 , wherein a binary tree algorithm is used to decompose 

8 said subset into said at least one secondary subset. 

9 9. A method according to claim 1 , wherein a multiple tree algorithm is used to 

1 0 decompose said subset into said at least one secondary subset. 

11 1 0. An apparatus for key distribution in a conditional access system, wherein a set of all 

1 2 user nodes which the system can accommodate is a complete set, and a subset is 

1 3 composed of all or part of the user nodes, said apparatus comprising: 

1 4 a decomposing unit for decomposing said subset into at least one secondary subset, 

1 5 and assigning a different user key to each secondary subset, each said user key being 

1 6 transmitted to all users in a corresponding secondary subset; 

1 7 a generating unit for encrypting an entitlement key by using each said user key so 

18 as to generate each cipher text corresponding to each said secondary subset; 

1 9 a combining unit for combining said cipher text to generate a media key control 

20 block; and 
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1 an entitlement control means for controlling the corresponding operation of each 

2 said unit and outputting said media key control block. 

3 1 1 . An apparatus for key distribution according to claim 1 0, further comprising a 

4 transmitting means for transmitting said media key control block received from said 

5 entitlement control means to all users in said subset. 

6 12. A transmitting apparatus in a conditional access system, wherein a set of all user 

7 nodes which the system can accommodate is a complete set, and a subset is composed of 

8 all or part of the user nodes, comprising: 



9 a decomposing unit for decomposing said subset into at least one secondary subset, 

10 and assigning a different user key to each secondary subset, each said user key being 

1 1 transmitted to all users in a corresponding secondary subset; 

12 a generating unit for encrypting an entitlement key using each said user key so as to 

1 3 generate a cipher text corresponding to each said secondary subset; 

14 a combining unit for combining said cipher text to generate a media key control 

15 block; 

1 6 a program scrambling unit for scrambling a video program by using said 

17 entitlement key; 

18 a transmitting unit for transmitting the scrambled video program and said media 

19 key control block to a receiving apparatus; and 

20 an entitlement control means for controlling the corresponding operation of each of 

2 1 said units and outputting said media key control block to said transmitting unit. 

22 13. A transmitting apparatus according to claim 12, wherein said transmitting apparatus 

23 further comprises a control word encrypting unit for encrypting a control word into said 
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1 cipher text by using said entitlement key under the control of said entitlement control 

2 means, wherein said program scrambling unit encrypts said video program by using said 

3 control word. 

4 14. A transmitting apparatus according to claim 13, wherein said cipher text is an 

5 entitlement control message (ECM). 

6 15. A transmitting apparatus according to claim 12, wherein said decomposing unit 

7 decomposes said subset using a binary tree algorithm into said at least one secondary 

8 subset. 

9 16. A transmitting apparatus according to claim 12, wherein said decomposing unit 

1 0 decomposes said subset into said at least one secondary subset using a multiple tree 

1 1 algorithm. 

12 17. A transmitting apparatus according to claim 12, wherein said entitlement control 

1 3 means is also used for controlling user information. 

14 18. A receiving apparatus in a conditional access system, wherein a set of all user nodes 

1 5 which the system can accommodate is a complete set, and a subset is composed of all or 

1 6 part of the user nodes, comprising: 

17 a receiving unit for receiving the scrambled video program and media key control 

1 8 block transmitted from a transmitting apparatus; 

1 9 a resolving unit for decrypting a cipher text by using a user key so as to obtain an 

20 entitlement key, wherein said cipher text is obtained by identifying said media key block 
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1 using the user key corresponding to the secondary subset to which said receiving 

2 apparatus belongs, and said secondary subset is obtained by decomposing said subset; and 

3 a program descrambling unit for decrypting said scrambled video program by using 

4 said entitlement key. 

5 19. The receiving apparatus according to claim 1 8, wherein said receiving apparatus 

6 further comprises a control word decrypting unit for decrypting said cipher text by using 

7 said entitlement key so as to obtain a control word; wherein said program descrambling 

8 unit descrambles said video program by using said control word. 

9 20. The receiving apparatus according to claim 1 9, wherein said cipher text is an 

1 0 entitlement control message (ECM). 

11 2 1 . An article of manufacture comprising a computer usable medium having computer 

1 2 readable program code means embodied therein for causing key distribution, the 

1 3 computer readable program code means in said article of manufacture comprising 

1 4 computer readable program code means for causing a computer to effect the steps of 

15 claim 1. 

16 22. A program storage device readable by machine, tangibly embodying a program of 

1 7 instructions executable by the machine to perform method steps for key distribution, said 

1 8 method steps comprising the steps of claim 1 . 

19 23 . A computer program product comprising a computer usable medium having 

20 computer readable program code means embodied therein for causing key distribution, 

2 1 the computer readable program code means in said computer program product comprising 

22 computer readable program code means for causing a computer to effect the functions of 

23 claim 10. 
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1 24. A computer program product comprising a computer usable medium having 

2 computer readable program code means embodied therein for causing transmission, the 

3 computer readable program code means in said computer program product comprising 

4 computer readable program code means for causing a computer to effect the functions ( 

5 claim 12. 

6 25. A computer program product comprising a computer usable medium having 

7 computer readable program code means embodied therein for causing reception, the 

8 computer readable program code means in said computer program product comprising 

9 computer readable program code means for causing a computer to effect the functions 
10 claim 18. 
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